[gptalk] Re: Default DC Policy

  • From: "Robert Mariani" <rmariani@xxxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Wed, 30 Aug 2006 16:09:09 +1000 (EST)


thanks doug - it is a 2003 domain - i will update with the  "Enterprise Domain
Controllers" group

thanks
Rob



On Wed, August
30, 2006 3:10 pm, Delaney, Doug said: 
> if the domain is 2003, the
"Enterprise Domain Controllers" group has 
> read access... 
>

> 
> Doug Delaney 
> GM Desktop Engineering 
> Global
Client Engineering GM 
> 1075 W. Entrance Dr., MS 2B, Cube 2130 
>
Auburn Hills, MI 48326 
> Lab: 248-365-9187 
> Tel: 248-754-7917 
> Pg: 248-870-0306 pager 
> Mail: Doug.Delaney@xxxxxxx 
> 
> Note: The information in this email is intended solely for the 
>
addressee. Access to this email by anyone else is unauthorized. If you 
> are
not the intended recipient, any disclosure, copying, distribution or 
> any
action taken or omitted to be taken in reliance on it is prohibited. 
> 
> 
> -----Original Message----- 
> 
From:
gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] 
> On Behalf Of
Darren Mar-Elia 
> Sent: Wednesday, August 30, 2006 3:57 AM 
> To:
gptalk@xxxxxxxxxxxxx 
> Subject: [gptalk] Re: Default DC Policy 
> 
> If the GPO is linked to the DC OU, then there's no harm in granted Auth. 
> Users access to it to get things working. I don't have a DC in front of 
> me to see what the default perms on that GPO should be but I'm guessing 
> the Domain Controllers group probably has read rights as well. 
> 
> 
> 
> -----Original message----- 
> 
From:
"Robert Mariani" rmariani@xxxxxxxxxxx 
> Date: Tue, 29 Aug 2006
23:35:43 -0400 
> To: gptalk@xxxxxxxxxxxxx 
> Subject: [gptalk] Re:
Default DC Policy 
> 
>> 
>> 
>> Hi Darren - I
have given Authenticated Users read access to this file 
>> and a gpoupdate
/force applies without error. 
>> 
>> should this file have that
security on it as my default domain policy 
>> doesn't 
>> 
>> 
>> 
>> 
>> On Wed, August 30, 2006 5:10 
>> pm, Darren Mar-Elia said: 
>> > Robert- 
>> > You
might want to check the 
>> following: 
>> > 
>>
> 1) that the registry.pol file is actually there 
>> > 2) that the
permissions that appear on it look ok (that System and 
>> > Authenticated

>> Users 
>> > have at least Read access to it) 
>>
> 
>> > If the above are 
>> true, then you might want to
download my polviewer utility on my site 
>> > and use 
>> it
to try and open that registry.pol file. If the file format is 
>> corrupted,
then 
>> > it will report that and you know that the file is no good and

>> > probably needs to 
>> be 
>> > rebuilt. 
>> > 
>> > Darren 
>> > 
>> >
-----Original 
>> message----- 
>> > 
>> 
From:
"Robert Mariani" rmariani@xxxxxxxxxxx 
>> > Date: Tue, 29 Aug
2006 23:05:12 -0400 
>> > To: gptalk@xxxxxxxxxxxxx 
>> >
Subject: [gptalk] Default DC Policy 
>> > 
>> >> 
>> >> 
>> >> 
>> >> Hi All, 
>> >> ?? I had the unfortunate experience of 
>> having to do
an 
>> >> authoriative domain restore this morning. 
>>
>> 
>> 
>> >> Everything went ok - except bloody
Veritas Backup Exec 
>> playing up a bit? 
>> >> 
>> >> I am seeing only one error showing 
>> >> when my
DC's apply the default domain contollers policy 
>> >> 
>>
>> it is an error 1043 
>> >> followed by 1096 
>>
>> 
>> >> 
>> >> Windows cannot access the
registry policy file, 
>> >> 
>> 
>
<domain>\sysvol\<domain>\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9} 
> \Machine\registry.pol. 
>> 
>> >> (Access is denied.
). 
>> >> 
>> >> For more information, 
>>
see Help and Support Center at 
>> >>
http://go.microsoft.com/fwlink/events.asp. 
>> 
>> >> 
>> >> 
>> >> anyone got any ideas in how 
>>
>> 
>> to correct?? 
>> >> 
>> >>
Thanks 
>> >> Robert 
>> >> 
>> 
>> >> 
>> > 
>> > *********************** 
>> > You can 
>> unsubscribe from gptalk by sending email to 
> gptalk-request@xxxxxxxxxxxxx with 
>> > 
>>
'unsubscribe' in the Subject field OR by logging into the 
> freelists.org Web
interface. 
>> 
>> > Archives for the list are available at 
>> http://www.freelists.org/archives/gptalk/ 
>> >
************************ 
>> > 
>> 
>> 
>> 
> 
> *********************** 
> You can unsubscribe
from gptalk by sending email to 
> gptalk-request@xxxxxxxxxxxxx with
'unsubscribe' in the Subject field OR 
> by logging into the freelists.org Web
interface. Archives for the list 
> are available at
http://www.freelists.org/archives/gptalk/ 
> ************************ 
>
*********************** 
> You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 
> 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. 
> Archives for the list are
available at http://www.freelists.org/archives/gptalk/ 
>
************************ 
> 

Other related posts: